2. Table of Contents
What are the CASL Regulations?
Why is the CASL important?
Who and what falls under the purview of the CASL?
Difference between CAN-SPAM, CASL, and GDPR.
How is BizProspex compliant with the CASL regulations?
3. What are the CASL Regulations?
CASL protects consumers and businesses from the
misuse of digital technology, including spam and other
electronic threats. It also aims to help businesses stay
competitive in a global, digital marketplace. This anti-
spam law regulates the electronic messages (i.e. email,
texts) organizations send in connection with a
“commercial activity.” Its key feature requires Canadian
and global organizations that send commercial
electronic messages (CEMs) within, from or to Canada
to receive consent from recipients before sending
messages. CASL does not apply to CEMs that are
simply routed through Canada. The private right of
action came into force on July 1, 2017.
Electronic communication defined the CASL- A CEM
is any electronic message that encourages participation
in a commercial activity, such as an email that contains
a coupon or tells customers about a promotion or sale.
‘Any message that includes hyperlinks to a website or
contains business-related information does not make it a
4. Why is the CASL important?
The provisions of CASL surrounding the sending of CEMs
aim to combat spam and create an opt-in environment in
Canada including foreign ones, from sending unsolicited or
misleading commercial electronic messages (“CEM”) or
programs to consumers without their consent.
Organizations must have implied consent or express written
consent to send a CEM to an electronic address. Implied
consent will allow organizations to send CEM’s for 6 months
to inquiries and 24 months to current customers and customers
who have made a purchase from your organization.
5. Who and what falls under the purview of the CASL?
The regulation applies to any “Commercial Electronic
Message” (CEM) sent from or to Canadian computers or
devices in Canada. Messages routed through Canadian
computer systems are not subject to this law.
A CEM is any message that:
● Is in an electronic format, including emails, instant
messages, text messages, and some social media
● Is sent to an electronic address, including email
addresses, instant message accounts, phone accounts,
and social media accounts, and
● Contains a message encouraging recipients to take
part in some type of commercial activity, including
the promotion of products, services, people/personas,
companies, or organizations.
6. Also it should be noted that certain transactional CEMs such as those that facilitate, complete, or confirm a commercial
transaction that the recipient previously agreed to enter into, or provide a quote or estimate for the supply of a product, good, or
service have also been exempted from the purview.
There are some notable exceptions to the law:
● Messages sent by or on behalf of an individual to another individual whom they have a family or personal
● Messages sent to an employee or consultant of your business or another organization with whom your
organization has a relationship,
● Messages sent in response to a request, inquiry, or complaint or that is otherwise solicited by the recipient,
● Messages that will be accessed in a foreign country, including the U.S., China, and most of Europe, as long as
the message complies with the anti-spam laws of that foreign country,
● Messages sent by or on behalf of a registered charity or a political party or organization for the purposes of
raising funds or soliciting contributions,
● Messages sent to a person to satisfy a legal obligation, provide notice of an existing or pending right, legal, or
juridical obligation, court order, or to enforce a legal right, juridical order, or court order.
7. Consent and opt-in
EXPRESS CONSENT IMPLIED CONSENT
Existing business relationship
The recipient has made, or enquired about, a purchase or
lease of goods, services, land or interest in land, a written
contract or the acceptance of a business, investment or
gaming opportunity from you.
Valid consent given in writing or orally
The recipient gave you a positive or explicit
indication of consent to receive commercial
Express consent is not time-limited
Unless the recipient withdraws his or her consent.
Existing non-business relationship
You are a registered charity, a political party or a
candidate, and the recipient has provided you a gift, a
donation or volunteer work.
It is generally time-limited
t is typically a period of 2 years after the event that
starts the relationship (e.g. purchase of a good). For
subscriptions or memberships, the period starts on
the day the relationship ends.
Recipient’s e-mail address was sent.
The address was disclosed without any restrictions
and your message relates to the recipient’s
functions or activities in a business or official
8. Difference between CAN-SPAM,CASL and GDPR.
CAN-SPAM (US Anti-SPAM law) CASL (Canadian Anti-SPAM law) GDPR (EU data protection law)
CAN-SPAM is an opt-out law. Recipients
can be sent commercial messages without
prior consent, but must be able to opt-out
easily. Pre-check boxes are considered
All senders must obtain either express or
implied consent before sending CEMs to
individuals. The sender must provide a
separate request for consent; which
cannot be bundled. Pre-checked boxes are
not considered consent.
Senders must provide separate requests for
consent. The organisation and any third
party who will be relying on consent must
be named. Even precisely defined
categories of third party will be
Each separate email violation of the
CAN-SPAM Act is subject to penalties of
Up to $10 million per violation.
Directors, offices, agents and mandataries
of a corporation may face individual
liability under the CASL and be subject
to $1 million per violation.
Fines up to $20 million euros or a total of
4% annual worldwide revenue, whichever
9. CAN-SPAM (US Anti-SPAM law) CASL (Canadian Anti-SPAM law) GDPR (EU data protection law)
Opt-out duration -
Recipients must be opted out within 10
days of notification to the sender that they
no longer wish to receive communication.
They must remain opted out for a
minimum of 30 days after the message has
Opt-out duration -
Any unsubscribed request must be
honored immediately or within 10 days.
The unsubscribed must be valid for a
minimum of 60 days after the message has
Opt-out duration -
Communication recipients can opt-out any
time, and it must be honored promptly.
Recipients also have the Right to be
Forgotten, or Data Erasure, which entitles
the person or organisation processing, or
disseminating any personal information to
halt the processing of data.
Age restrictions -
No age restriction are a part of CAN-
SPAM. It imposes certain requirements on
operations of websites or online services
directed at children under 13 years of age
and on operators of the website collecting
Age restrictions -
No age restriction requirements.
Age requirements -
Parental consent must be provided for
children under 16 years of age. Currently,
this is not a law but will be similar to US
COPPA legislation for children.
10. Sources of spam (reported through online form)
Text Messages (SMS)
Instant Messages (IM)
Between October 2021 and March 2022, about 65%
of the messages reported to the SRC were related to
affiliate marketing or legitimate businesses selling or
promoting the sale of a good or service.
11. Rate of complaints lodged and reasons specified
Looking at submissions from Canadians to
the Spam Reporting Centre (SRC) over
the last 6 months, per month complaints
about consent issues were at their highest
in November 2021.
Note: Statistics derived from spam reports filed
through the SRC online form.
Source- SRC (Canada)
12. How is BizProspex compliant with the CASL regulations?
BizProspex, being the leading services provider in the
business, understands the requirements and
responsibilities of delivering legitimate and accurate data.
We stand out as global leaders when it comes to CRM
cleaning, Data appending, Data mining, Tech install, Data
Merging and Data Deduping for B2B clients. We aim at
supplying our clients with public data scraping of the
highest quality to boost your sales numbers. At
BizProspex, we focus on becoming the partner your
organization needs to survive, and in the long run, thrive.
By understanding what your company’s needs are, we’re
prepared to bring you solutions with legitimacy that truly
make a difference.
13. ● By conducting an assessment of the data protection risks associated with any new project and initiating a plan to mitigate
● By assessing and implementing the CASL compliance to existing or pre-dated email correspondence.
● By initiating and executing an immediate mitigation plan to address any gaps or risks posed in delivering our data services
via electronic email.
As specified under Sec 10(9), implied consent for sending CEMs if it is done under certain conditions, this includes having an
existing business relationship (EBR) based on a previous commercial transaction with the recipient. All of our email marketing
campaigns are directed towards our previous customers or private subscribers. Hence our consent requirements for CEM are
always met with.
The processed data which is sent to the data controllers (our customers) are provided via email and these transactions are subject to
contractual provisions. (express consent)
We are one of the Best CASL Compliant Data Service Providers worldwide and as we have many of our customers
residing in Canada, we make sure that we conduct our business in accordance with prolific CASL regulations:
We claim the highest standards of work ethics with utmost obedience to laws that we are subject to. All the pre-scraped public
data that we collect and process is done so with the contractual consent of our customers. At BizProspex our compliance and
audit experts work tirelessly to make sure all the right compliance controls are in place when it comes to electronic
14. Partner with us to benefit with the highest-quality and CCPA
compliant data services. Contact us to know more.